CVE-2004-0914

Advisory lineage Upstream: 0 Downstream: 4
Modified
Published: 15 Dec 2004, 05:00
Last modified:08 Aug 2024, 00:31

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
10 HIGH
v2.0 (nvd)
EPSS Score
2.17% LOW
2% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

15 Dec 2004, 05:00
Published
Vulnerability first disclosed
08 Aug 2024, 00:31
Last Modified
Vulnerability information updated

Description

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

CVSS Metrics

  • v2.0HIGHScore: 10AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 2.17% Percentile: 85%

Affected Systems

  • lesstiflesstif

    0.93 | 0.93.12 | 0.93.18 | 0.93.34 | 0.93.36 | 0.93.40 | 0.93.91 | 0.93.94 | 0.93.96

  • redhatfedora_core

    core_2.0 | core_3.0

  • susesuse_linux

    10 | 8 | 8.1 | 8.2 | 9.0 | 9.1 | 9.2

  • xfree86_projectx11r6

    3.3 | 3.3.2 | 3.3.3 | 3.3.4 | 3.3.5 | 3.3.6 | 4.0 | 4.0.1 | 4.0.2.11 | 4.0.3 | 4.1.0 | 4.1.11 | 4.1.12 | 4.2.0 | 4.2.1 | 4.3.0

  • x.orgx11r6

    6.7.0 | 6.8 | 6.8.1

References (22)